AI & Data Security Engineer

About The Position

Requirements

• 8+ years of professional experience in data security, cybersecurity, security architecture, or data engineering with a primary focus on security.
• Data Platform Security: Proven hands-on experience designing and implementing Role-Based Access Control (RBAC), row-level, and column-level security policies in modern cloud data platforms (specifically Snowflake and/or Databricks/DBX).
• API & Application Security: Strong expertise in API security controls, authentication, and authorization protocols (e.g., OAuth2, OIDC, SAML, JWT) to protect data access.
• Programming Skills: Proficiency in Python, Java, Go, or similar languages used for scripting, automation, and building security controls within data pipelines.
• Compliance & Privacy: Solid understanding of data privacy regulations (e.g., GDPR, CCPA) and experience translating these regulatory requirements into technical data governance and access controls.
• Monitoring & Auditing: Experience implementing security logging, audit trails, and monitoring solutions to detect unauthorized access or data exfiltration.
• Education: Bachelor"s degree in Computer Science, Cybersecurity, Information Systems, or equivalent practical experience.
• AI/ML Security Expertise: Direct experience securing AI/ML lifecycles, LLM-powered applications, or autonomous AI agents (e.g., securing RAG architectures, mitigating prompt injection, defining data access boundaries for AI).
• Adversarial Testing: Experience leading or participating in red team exercises, penetration testing, or threat modeling specifically tailored to machine learning models and AI systems.
• Cross-Functional Leadership: Demonstrated ability to partner effectively with non-technical stakeholders, including Legal, Privacy, and Data Governance teams, to establish and enforce enterprise wide security standards.
• Advanced Threat Detection: Experience building or deploying anomaly detection systems to identify malicious activity within complex data pipelines.
• Communication Skills: Strong technical writing skills with a track record of creating developer guidelines, security standards, and best practices that enable secure-by-default engineering at scale.

Nice To Haves

• Master"s degree in a relevant field, or industry recognized security certifications (e.g., CISSP, CISM, Cloud Security certifications).

Responsibilities

• Design and implement security architecture for AI use cases, ensuring secure data access and usage through role-based access controls and authorized provisioning.
• Ensure AI use cases are aligned with Apple’s data classification standards, including appropriate data handling, storage, retention requirements and access controls.
• Implement and manage user id and persona based row-level security policies for data stored in Snowflake and other data systems connected to US applications.
• Implement and maintain row-level security policies based on user identity and persona across DBX and other data platforms supporting U.S. applications.
• Design and implement API-based security controls for AI applications, including authentication, authorization and data access policies to protect sensitive information and ensure compliant data consumption.
• Lead adversarial testing of AI systems to identify vulnerabilities, drive remediation, and safeguard Apple data from misuse and malicious activity.
• Define and enforce data access boundaries for AI agents, governing permitted data sources, actions and restricting sensitive data access.
• Define and enforce data access policies for LLM-powered chat applications, governing usage of structured and unstructured data sources, documents and context that may be surfaced in agentic responses.
• Partner with Data Governance, Legal, Privacy and Engineering teams to ensure AI data usage complies with enterprise policies, regulatory requirements (e.g., GDPR, CCPA), and internal data governance standards.
• Monitor & Audit AI data access pipelines through logging, anomaly detection and audit trails to detect unauthorized access, data exfiltration attempts or policy violations.
• Define and enforce US-wide AI data security standards, best practices, and developer guidelines to implement role-based access controls, enabling secure-by-default data practices at scale.